Total
9311 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-35601 | 1 Inventorymanagementsystem Project | 1 Inventorymanagementsystem | 2022-08-18 | N/A | 9.8 CRITICAL |
A SQL injection vulnerability in SupplierDAO.java in sazanrjb InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands via parameter searchTxt. | |||||
CVE-2022-35602 | 1 Inventorymanagementsystem Project | 1 Inventorymanagementsystem | 2022-08-18 | N/A | 9.8 CRITICAL |
A SQL injection vulnerability in UserDAO.java in sazanrjb InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands via parameter user. | |||||
CVE-2022-35599 | 1 Inventorymanagementsystem Project | 1 Inventorymanagementsystem | 2022-08-18 | N/A | 9.8 CRITICAL |
A SQL injection vulnerability in Stocks.java in sazanrjb InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands via parameter productcode. | |||||
CVE-2022-35604 | 1 Inventorymanagementsystem Project | 1 Inventorymanagementsystem | 2022-08-18 | N/A | 9.8 CRITICAL |
A SQL injection vulnerability in SupplierDAO.java in sazanrjb InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands via parameter 'searchTxt'. | |||||
CVE-2022-35606 | 1 Inventorymanagementsystem Project | 1 Inventorymanagementsystem | 2022-08-18 | N/A | 9.8 CRITICAL |
A SQL injection vulnerability in CustomerDAO.java in sazanrjb InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands via the parameter 'customerCode.' | |||||
CVE-2022-35605 | 1 Inventorymanagementsystem Project | 1 Inventorymanagementsystem | 2022-08-18 | N/A | 9.8 CRITICAL |
A SQL injection vulnerability in UserDAO.java in sazanrjb InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands via the parameters such as 'users', 'pass', etc. | |||||
CVE-2022-35603 | 1 Inventorymanagementsystem Project | 1 Inventorymanagementsystem | 2022-08-18 | N/A | 9.8 CRITICAL |
A SQL injection vulnerability in CustomerDAO.java in sazanrjb InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands via parameter searchTxt. | |||||
CVE-2022-35598 | 1 Inventorymanagementsystem Project | 1 Inventorymanagementsystem | 2022-08-18 | N/A | 9.8 CRITICAL |
A SQL injection vulnerability in ConnectionFactoryDAO.java in sazanrjb InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands via parameter username. | |||||
CVE-2022-35175 | 1 Barangay Management System Project | 1 Barangay Management System | 2022-08-18 | N/A | 9.8 CRITICAL |
Barangay Management System v1.0 was discovered to contain a SQL injection vulnerability via the hidden_id parameter at /blotter/blotter.php. | |||||
CVE-2022-20280 | 1 Google | 1 Android | 2022-08-18 | N/A | 3.3 LOW |
In MMSProvider, there is a possible read of protected data due to improper input validation/SQL injection. This could lead to local information disclosure of sms/mms data with User execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-13. Android ID: A-204117261 | |||||
CVE-2022-36272 | 1 Mingsoft | 1 Mcms | 2022-08-17 | N/A | 9.8 CRITICAL |
Mingsoft MCMS 5.2.8 was discovered to contain a SQL injection vulnerability in /mdiy/page/verify URI via fieldName parameter. | |||||
CVE-2022-2847 | 1 Guest Management System Project | 1 Guest Management System | 2022-08-17 | N/A | 9.8 CRITICAL |
A vulnerability, which was classified as critical, has been found in SourceCodester Guest Management System. This issue affects some unknown processing of the file /guestmanagement/front.php. The manipulation of the argument rid leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-206489 was assigned to this vulnerability. | |||||
CVE-2021-39085 | 5 Hp, Ibm, Linux and 2 more | 6 Hp-ux, Aix, Sterling B2b Integrator and 3 more | 2022-08-17 | N/A | 9.8 CRITICAL |
IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.5, 6.1.0.0 through 6.1.0.4, and 6.1.1.0 through 6.1.1.1 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 215888. | |||||
CVE-2022-36242 | 1 Clinic's Patient Management System Project | 1 Clinic's Patient Management System | 2022-08-17 | N/A | 9.8 CRITICAL |
Clinic's Patient Management System v1.0 is vulnerable to SQL Injection via /pms/update_medicine.php?id=. | |||||
CVE-2022-36599 | 1 Mingsoft | 1 Mcms | 2022-08-17 | N/A | 9.8 CRITICAL |
Mingsoft MCMS 5.2.8 was discovered to contain a SQL injection vulnerability in /mdiy/model/delete URI via models Lists. | |||||
CVE-2022-2812 | 1 Guest Management System Project | 1 Guest Management System | 2022-08-16 | N/A | 9.8 CRITICAL |
A vulnerability classified as critical was found in SourceCodester Guest Management System. This vulnerability affects unknown code of the file index.php. The manipulation of the argument username/pass leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-206398 is the identifier assigned to this vulnerability. | |||||
CVE-2022-35942 | 1 Linuxfoundation | 1 Loopback-connector-postgresql | 2022-08-16 | N/A | 10.0 CRITICAL |
Improper input validation on the `contains` LoopBack filter may allow for arbitrary SQL injection. When the extended filter property `contains` is permitted to be interpreted by the Postgres connector, it is possible to inject arbitrary SQL which may affect the confidentiality and integrity of data stored on the connected database. A patch was released in version 5.5.1. This affects users who do any of the following: - Connect to the database via the DataSource with the `allowExtendedProperties: true` setting OR - Use the connector's CRUD methods directly OR - Use the connector's other methods to interpret the LoopBack filter. Users who are unable to upgrade should do the following if applicable: - Remove the `allowExtendedProperties: true` DataSource setting - Add the `allowExtendedProperties: false` DataSource setting - When passing directly to the connector functions, manually sanitize the user input for the `contains` LoopBack filter beforehand. | |||||
CVE-2022-35956 | 1 Update By Case Project | 1 Update By Case | 2022-08-16 | N/A | 9.8 CRITICAL |
This Rails gem adds two methods to the ActiveRecord::Base class that allow you to update many records on a single database hit, using a case sql statement for it. Before version 0.1.3 `update_by_case` gem used custom sql strings, and it was not sanitized, making it vulnerable to sql injection. Upgrade to version >= 0.1.3 that uses `Arel` instead to construct the resulting sql statement, with sanitized sql. | |||||
CVE-2022-2803 | 1 Zoo Management System Project | 1 Zoo Management System | 2022-08-16 | N/A | 9.8 CRITICAL |
A vulnerability was found in SourceCodester Zoo Management System and classified as critical. This issue affects some unknown processing of the file /pages/animals.php. The manipulation of the argument class_id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-206249 was assigned to this vulnerability. | |||||
CVE-2022-2802 | 1 Gas Agency Management System Project | 1 Gas Agency Management System | 2022-08-16 | N/A | 9.8 CRITICAL |
A vulnerability has been found in SourceCodester Gas Agency Management System and classified as critical. This vulnerability affects unknown code of the file gasmark/login.php. The manipulation of the argument username leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-206248. |